General
-
Target
2a3af60ffefbd05d0da07d573f8b26b9_JaffaCakes118
-
Size
166KB
-
Sample
240707-3t17bsscpl
-
MD5
2a3af60ffefbd05d0da07d573f8b26b9
-
SHA1
085ac24ce2348f9fb961fafd7aa3435bc1d3a9b9
-
SHA256
d3de3de61db52a813fc8197cb08d585a2627a4c01300c3a922f0a7c1240b5bcf
-
SHA512
c888ad20486e6f06f6592e7414f6110eb54d9dec38ce1048c1d1f8d7e4cae46f514888db21ab0d7f29325108052d879f3a1f646562150feeaec50ebc2cfb2da8
-
SSDEEP
3072:rpDCt2yqGU7+JltZrpRublQ3CG49tcs/IgzKlRZ1/pCUd9:rpNyqBathpKvZKlzFpt9
Static task
static1
Behavioral task
behavioral1
Sample
2a3af60ffefbd05d0da07d573f8b26b9_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2a3af60ffefbd05d0da07d573f8b26b9_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
Target
2a3af60ffefbd05d0da07d573f8b26b9_JaffaCakes118
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)